Endpoint_Policy (object)

Policy to manage connections based on metadata and content

Properties (* = required):

name type(s) default allowed values description
class* string   “Endpoint_Policy”  
customStrategy       AS3 pointer to custom strategy declaration
label string   “^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
remark string   “^[^\x00-\x1f\x22\x5c\x7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks
rules array     List of policy rules, order is significant
strategy string “best-match” “all-match”, “best-match”, “first-match”, “custom” Rule-matching strategy; value ‘custom’ means AS3 requires a custom strategy (default is best-match)

Datagroup_Value (object)

Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     AS3 pointer to Data_Group

Endpoint_Policy_Rule (object)

A rule for an Endpoint policy that describes actions to perform on traffic matching given conditions

Properties (* = required):

name type(s) default allowed values description
actions array     Specifies the actions for the rule to execute
conditions array     Specifies the conditions for the rule to apply
label string   “^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$” Optional friendly name for this object. Allows 0-64 chars, excluding a few likely to cause trouble with string searching, JS, TCL, or HTML
name* string   “^[a-zA-Z0-9_\-.:%]+$” Name of the endpoint policy rule
remark string   “^[^\x00-\x1f\x22\x5c\x7f]*$” Arbitrary (brief) text pertaining to this object. Allows 0-64 chars, excluding only control characters, double-quote, and backslash. This is permissive enough that you should worry about XSS attacks

Policy_Action (object)

LTM policy action

Properties (* = required):

name type(s) default allowed values description
/*/        
type* string   “http”, “httpCookie”, “httpHeader”, “httpRedirect”, “httpUri”, “waf”, “forward”, “drop”, “clientSsl”, “persist”, “tcl” Selects the LTM policy action this object describes

Policy_Action_Client_SSL (object)

Enable or disable encrypted connections to backend servers

Properties (* = required):

name type(s) default allowed values description
/*/        
enabled boolean true true, false Enable encrypted connections to backend servers
event string “client-accepted” “client-accepted”, “proxy-request”, “request”, “proxy-connect”, “proxy-response”, “server-connected” When to run this event in the request-response cycle

Policy_Action_Drop (object)

Reset connection

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “ssl-client-hello” “ssl-client-hello”, “request” When to run this event in the request-response cycle

Policy_Action_Forward (object)

Controls where the system forwards a connection

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “ssl-client-hello” “ssl-client-hello”, “request” When to run this event in the request-response cycle

Policy_Action_Forward_Select (object)

Select appropriate location for forwarding the connection based on specified parameters

Properties (* = required):

name type(s) default allowed values description
/*/        
snat string   “disable”, “automap” Controls snat automap

Policy_Action_HTTP (object)

Provides the ability to enable or disable BIG-IP’s HTTP filter processing

Properties (* = required):

name type(s) default allowed values description
/*/        
enabled boolean true true, false Enable BIG-IP’s HTTP filter processing
event string “request” “client-accepted”, “proxy-request”, “request”, “response”, “server-connected” When to run this event in the request-response cycle

Policy_Action_HTTP_Header (object)

Modify HTTP header in request or response

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request”, “response” When to run this event in the request-response cycle

Policy_Action_HTTP_Redirect (object)

Redirect an HTTP request to a different URL

Properties (* = required):

name type(s) default allowed values description
/*/        
code integer   300 - 399 HTTP status code for the redirect. Note: code is only supported in TMOS version 14.0+.
event string “proxy-request” “proxy-request”, “request”, “response” When to run this event in the request-response cycle
location* string     The new URL for which the system will send a redirect response; you can use a Tcl command substitution for this field

Policy_Action_HTTP_URI (object)

Modify the request’s URI, path, or query string

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request” When to run this event in the request-response cycle
replace* object     Replace URI, path, or query string in request

Policy_Action_HTTP_URI.replace (object)

Replace URI, path, or query string in request

Policy_Action_Persist (object)

Control over how a connection is persisted

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “client-accepted” “client-accepted”, “proxy-request”, “request” When to run this event in the request-response cycle

Policy_Action_TCL (object)

Set a Tcl variable in runtime environment

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request”, “response”, “ssl-client-hello”, “ssl-server-hello”, “ssl-server-handshake” When to run this event in the request-response cycle
setVariable* object     Set a Tcl variable in the runtime environment

Policy_Action_TCL.setVariable (object)

Set a Tcl variable in the runtime environment

Properties (* = required):

name type(s) default allowed values description
/*/        
expression* string     Tcl expression to evaluate
name* string     Name of variable

Policy_Action_WAF (object)

Control web security

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “client-accepted”, “proxy-request”, “request” When to run this event in the request-response cycle
policy object     Reference to a WAF policy

Policy_Action_WAF.policy (object)

Reference to a WAF policy

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP WAF policy
use string     AS3 pointer to WAF policy declaration

Policy_Compare_Number (object)

Perform a comparison against number values

Properties (* = required):

name type(s) default allowed values description
operand string “equals” “equals”, “does-not-equal”, “less”, “greater”, “less-or-equal”, “greater-or-equal” Specifies the comparison that the system should perform with values
values* array     A list of numbers to do comparisons against

Policy_Compare_String (object)

Perform a comparison against string values

Properties (* = required):

name type(s) default allowed values description
caseSensitive boolean false true, false Specifies whether the system performs the comparison with case sensitivity
datagroup object     Reference to a data-group containing the values
operand string “equals” “equals”, “does-not-equal”, “starts-with”, “does-not-start-with”, “ends-with”, “does-not-end-with”, “contains”, “does-not-contain”, “exists”, “does-not-exist” Specifies the comparison that the system should perform with values. exists/does-not-exist does not accept values and is only supported on BIG-IP 15.0+
values array     A list of strings to do comparisons against

Policy_Compare_String.datagroup (object)

Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     AS3 pointer to Data_Group

Policy_Condition (object)

LTM policy condition

Properties (* = required):

name type(s) default allowed values description
/*/        
type* string   “httpHeader”, “httpMethod”, “httpUri”, “httpCookie”, “sslExtension”, “tcp” Selects the LTM policy condition this object describes

Policy_Condition_HTTP_Header (object)

Match against any HTTP header

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “proxy-request” “proxy-request”, “request”, “proxy-connect”, “proxy-response”, “response” When to evaluate this condition in the request-response cycle

Policy_Condition_HTTP_Method (object)

Match against any HTTP method

Properties (* = required):

name type(s) default allowed values description
/*/        
all* object     Match on the full HTTP method. Perform a comparison against string values
event string “proxy-request” “proxy-request”, “request” When to evaluate this condition in the request-response cycle

Policy_Condition_HTTP_Method.all (object)

Match on the full HTTP method. Perform a comparison against string values

Properties (* = required):

name type(s) default allowed values description
caseSensitive boolean false true, false Specifies whether the system performs the comparison with case sensitivity
datagroup object     Reference to a data-group containing the values
operand string “equals” “equals”, “does-not-equal”, “starts-with”, “does-not-start-with”, “ends-with”, “does-not-end-with”, “contains”, “does-not-contain”, “exists”, “does-not-exist” Specifies the comparison that the system should perform with values. exists/does-not-exist does not accept values and is only supported on BIG-IP 15.0+
values array     A list of strings to do comparisons against

Policy_Condition_HTTP_Method.all.datagroup (object)

Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     AS3 pointer to Data_Group

Policy_Condition_HTTP_URI (object)

Inspect the URI on a request and match on various parts or the entire URI

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request” When to evaluate this condition in the request-response cycle

Policy_Condition_SSL_Extension (object)

Inspect SSL extensions being negotiated during HELLO phase

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “ssl-client-hello” “ssl-client-hello”, “ssl-server-hello” When to evaluate this condition in the request-response cycle

Policy_Condition_TCP (object)

Match against specific TCP properties

Properties (* = required):

name type(s) default allowed values description
/*/        
event string “request” “request”, “response”, “classification-detected”, “client-accepted”, “proxy-connect”, “proxy-request”, “proxy-response”, “server-connected”, “ssl-client-hello”, “ssl-client-serverhello-send”, “ssl-server-handshake”, “ssl-server-hello”, “ws-request”, “ws-response” When to evaluate this condition in the request-response cycle. ‘client-accepted’, ‘server-connected’, ‘proxy-connect’, ‘proxy-request’, ‘proxy-response’, and ‘ssl-client-serverhello-send’ require TMOS v13.1+.

Policy_Match_String (object)

Perform a comparison that either matches or does-not-match

Properties (* = required):

name type(s) default allowed values description
datagroup object     Reference to a data-group containing the values
operand string “matches” “matches”, “does-not-match” Specifies the comparison
values array     A list of strings to compare against

Policy_Match_String.datagroup (object)

Reference to a data-group containing the values

Properties (* = required):

name type(s) default allowed values description
bigip string   “f5bigip” formatted string Pathname of existing BIG-IP Data-Group
use string     AS3 pointer to Data_Group
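
Added example (not part of the AS3 reference or F5's code): a pre-deployment lint for an Endpoint_Policy fragment that applies the label, remark and rule-name patterns, the strategy and event enumerations, and the redirect code range listed above, and flags remark values that need output encoding because the pattern still admits HTML metacharacters. The function names, the finding strings and the SAMPLE declaration are constructed for illustration, and only three action types are covered.

```python
import html
import re

# Patterns and enumerations transcribed from the property tables on this page.
LABEL_RE = re.compile(r"^[^\x00-\x1f\x22#&*<>?\x5b-\x5d`\x7f]*$")
REMARK_RE = re.compile(r"^[^\x00-\x1f\x22\x5c\x7f]*$")
RULE_NAME_RE = re.compile(r"^[a-zA-Z0-9_\-.:%]+$")
STRATEGIES = {"all-match", "best-match", "first-match", "custom"}
ACTION_EVENTS = {  # action type -> allowed "event" values (three of the types)
    "drop": {"ssl-client-hello", "request"}, "forward": {"ssl-client-hello", "request"},
    "httpRedirect": {"proxy-request", "request", "response"},
}

def check_text(obj, where, out):
    for key, rx in (("label", LABEL_RE), ("remark", REMARK_RE)):
        val = obj.get(key, "")
        # 64-char limit; fullmatch because "$" with match() accepts a trailing newline
        if len(val) > 64 or not rx.fullmatch(val):
            out.append(f"{where}: {key} violates schema")
    # remark still permits < > & ', so flag values that need HTML encoding
    remark = obj.get("remark", "")
    if html.escape(remark, quote=True) != remark:
        out.append(f"{where}: remark must be output-encoded before display")

def lint_policy(policy):
    out = []
    strategy = policy.get("strategy", "best-match")
    if strategy not in STRATEGIES:
        out.append(f"policy: unknown strategy {strategy!r}")
    if strategy == "custom" and "customStrategy" not in policy:
        out.append("policy: strategy custom requires customStrategy")
    check_text(policy, "policy", out)
    for i, rule in enumerate(policy.get("rules", [])):
        where = f"rules[{i}]"
        if not RULE_NAME_RE.fullmatch(rule.get("name", "")):
            out.append(f"{where}: missing or invalid name")
        check_text(rule, where, out)
        for act in rule.get("actions", []):
            allowed = ACTION_EVENTS.get(act.get("type"))
            if allowed and "event" in act and act["event"] not in allowed:
                out.append(f"{where}: event {act['event']!r} invalid for {act['type']}")
            # an absent code is acceptable, so default to an in-range value
            if act.get("type") == "httpRedirect" and not 300 <= act.get("code", 300) <= 399:
                out.append(f"{where}: redirect code outside 300-399")
    return out

SAMPLE = {  # constructed declaration fragment, not taken from the page
    "class": "Endpoint_Policy", "strategy": "custom",
    "rules": [{"name": "bad name", "remark": "<b>legacy</b>", "actions": [
        {"type": "drop", "event": "response"},
        {"type": "httpRedirect", "location": "https://example.test/", "code": 200}]}]}
```

Calling lint_policy(SAMPLE) returns five findings; a remark that passes the schema pattern can still be reported, which is the gap the remark description warns about.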